Ransomware strikes a nerve.
The U.S. blood supply is under pressure from a ransomware attack. CrowdStrike shareholders sue the company. There’s a critical vulnerability in Bitdefender’s GravityZone Update Server. BingoMod RAT targets Android users. Hackers use Google Ads to trick users into a fake Google Authenticator app. Western Sydney University confirms a major data breach. Marylands leads the way in gift card scam prevention. NSA is all-in on AI. My guest is David Moulton, host of Palo Alto Networks' podcast Threat Vector. Attention marketers: AI isn’t the buzzword you think it is.
Today is Thursday August 1st, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
The U.S. blood supply is under pressure from a ransomware attack.
One of the largest blood centers in the U.S., OneBlood, is operating at reduced capacity due to a ransomware attack that has disrupted parts of its system. This nonprofit, serving healthcare facilities across the southeastern U.S., announced that the attack has impacted their ability to operate efficiently. They have implemented manual processes, which take longer and affect inventory availability, and have urged hospitals to activate critical blood shortage protocols.
Despite these challenges, OneBlood continues to collect, test, and distribute blood with assistance from cybersecurity experts and federal and state officials. There is an urgent call for O positive, O negative, and platelet donations, although all blood types are needed.
The attack on OneBlood follows a similar incident in the U.K., where the Synnovis pathology services provider was attacked by the Qilin ransomware gang, severely impacting the National Health Service and leading to the cancellation of critical surgeries and urgent calls for blood donations. South Africa’s national lab service was also recently attacked, affecting efforts to manage mpox, HIV, and tuberculosis.
CrowdStrike shareholders sue the company.
CrowdStrike is facing a lawsuit from its shareholders following a disastrous software update that crashed over eight million computers worldwide. The shareholders accuse the cybersecurity firm of making “false and misleading” statements about its software testing procedures. The incident led to a 32% drop in CrowdStrike’s share price, wiping out $25 billion in market value over 12 days. The company has denied the allegations and plans to defend itself in the proposed class-action lawsuit.
The outage, which began on July 19, 2024, severely affected businesses, including airlines, banks, and hospitals. As of July 29, CrowdStrike announced that the issues had been resolved. The lawsuit, filed in federal court in Austin, Texas, alleges that executives misled investors about the adequacy of software testing. Delta Air Lines reported a $500 million loss due to the disruption and is considering seeking compensation from CrowdStrike. The company blames the incident on a “bug” in the update process and promises better testing and checks to prevent future problems.
There’s a critical vulnerability in Bitdefender’s GravityZone Update Server.
A critical vulnerability, CVE-2024-6980, has been discovered in Bitdefender’s GravityZone Update Server, raising significant security concerns. This flaw allows server-side request forgery (SSRF) attacks, potentially compromising sensitive data. With a CVSS score of 9.2, the vulnerability is critical, being remotely accessible, requiring high attack complexity, and not needing authentication or user interaction.
The issue arises from a verbose error handling problem within the server’s proxy service, allowing attackers to manipulate server requests and possibly gain unauthorized access. Security researcher Nicolas Verdier identified and reported this vulnerability. Bitdefender has quickly released a fix, urging users to update immediately to prevent exploitation.
BingoMod RAT targets Android users.
A newly identified remote access trojan (RAT) called BingoMod is targeting Android users to steal information and facilitate account takeover, according to Cleafy. Unlike known malware families, BingoMod enables attackers to initiate unauthorized money transfers by performing on-device fraud (ODF), bypassing security measures. The malware steals user information such as SMS messages and credentials, performs overlay attacks, and offers remote access via VNC-like functionality. Likely developed by Romanian speakers, it targets devices in English, Romanian, and Italian.
BingoMod is distributed through smishing, posing as a legitimate antivirus application. Once installed, it requests Accessibility Services permissions, locking users out while executing its payload. It logs keystrokes, intercepts SMS messages, and allows approximately 40 remote operations. Notably, it can send SMS messages from infected devices to spread further and includes a device-wiping feature after fraudulent transactions. The malware is in active development, experimenting with obfuscation techniques to evade detection.
Hackers use Google Ads to trick users into a fake Google Authenticator app.
Hackers are exploiting Google Ads by impersonating Google to trick users into downloading malware disguised as Google Authenticator from GitHub. According to research from Malwarebytes Labs, these malicious ads appear official and verified by Google, targeting users searching for Google Authenticator, a popular multi-factor authentication tool. The ads redirect users to fake websites that offer a malicious “Authenticator.exe” file hosted on GitHub.
Once installed, the malware, known as DeerStealer, exfiltrates personal data. The fraudulent ads show the official Google website but are linked to “Larry Marr,” a fake account verified by Google. The scam involves multiple redirects through domains controlled by the attackers, eventually leading to the fake Authenticator site. Hosting the malware on GitHub allows the threat actors to leverage a trusted platform. The report highlights the irony of users being compromised while trying to improve security and advises against downloading software via ads.
Western Sydney University confirms a major data breach.
Australia’s Western Sydney University has confirmed a significant data breach, with a hacker accessing its Microsoft Office 365 environment and Isilon storage platform. The breach lasted from July 9, 2023, to March 16, 2024, during which 580 terabytes of data were exfiltrated from 83 directories. In January, the university discovered the unauthorized access and notified 7,500 affected individuals. Compromised data included student IDs, personal information, and sensitive workplace details. While no evidence suggests the data has been published or threatened online, the university continues to monitor the dark web for signs of exposure. In a July 31 update, WSU stated there is no indication the breach extends beyond its Office 365 and Isilon environments.
Marylands leads the way in gift card scam prevention.
Maryland is the first state to pass a law targeting gift card scams with the Gift Card Scams Prevention Act of 2024, signed by Governor Wes Moore. The law requires gift cards sold in stores to be securely packaged to prevent thieves from accessing card numbers. Merchants selling gift cards online must register with the Attorney General’s Division of Consumer Protection and train employees to detect fraud. Gift card scams have caused significant losses, totaling $228 million in 2023, as thieves drain card balances before returning them to stores. Without secure packaging, gift card funds are vulnerable because thieves can easily access barcodes and PINs. The U.S. Department of Homeland Security has established a task force to combat this growing issue.
NSA is all-in on AI.
Over the past year, over 7,000 NSA analysts have started using generative AI tools for intelligence, cybersecurity, and business workflows, according to agency director Gen. Timothy Haugh. The NSA is focusing on a few promising AI projects while encouraging experimentation with others. The agency’s AI security center has been successful in identifying vulnerabilities in large language models and aims to help smaller companies lacking infrastructure protect their intellectual property. The NSA emphasizes the need for robust AI governance to ensure privacy and compliance. The agency plans to host a conference on AI in national security, stressing AI’s impact on future warfare and the importance of protecting critical systems and infrastructure. The NSA is also working with startups to raise awareness about intellectual property theft and advocate for government-wide AI adoption.
Our guest today is Palo Alto Networks Director of Thought Leadership and host of their podcast Threat Vector here on the N2K network, David Moulton. Threat Vector is upping its game joining the weekly episode cadence. We talk about the evolution of the show and what we can expect to see coming next. We’ll be right back
Welcome back. Thanks, David. You can check out more about David and Threat Vector in our show notes including a link to today’s new episode featuring Palo Alto Networks Founder and CTO Nir Zuk.
<Kicker, Fun Fact or B-Roll>
Attention marketers: AI isn’t the buzzword you think it is.
And finally, I’m not telling you anything you don’t already know when I say that suddenly it feels like the entire cyber security industry has a bad case of AI fever. Ands it’s not just cyber - Every gadget, from your toaster to your toothbrush, is boasting about its “artificial intelligence” features. Sounds cutting-edge, right? But hold your enthusiasm—because a recent study suggests that consumers are actually getting pretty fed up with this trend.
According to research published in the Journal of Hospitality Marketing & Management, mentioning AI in product marketing is becoming a major turn-off. A group of 1,000 respondents showed that products described as using AI were consistently less popular. In fact, when AI was mentioned, emotional trust plummeted, leading to decreased purchase intentions.
Take, for example, a smart TV. When described as having “artificial intelligence,” consumers reacted with a resounding “hard pass.” Yet, remove the AI buzzwords, and suddenly the same TV was a hot commodity.
Washington State University’s Mesut Cicek summed it up: “Including AI in descriptions? Bad move, especially for high-risk purchases like electronics or medical devices.”
And it’s not just limited to TVs. The effect was consistent across eight product categories. Even the tech-savvy crowd seems to be rolling their eyes at AI hype.
The trend speaks to a broader phenomenon. Gartner noted that the generative AI hype has surpassed its “peak of inflated expectations,” leaving consumers wary of exaggerated promises and astronomical costs. Despite companies cramming AI into every nook and cranny—from dating apps to car salesmen—buyers are skeptical.
Cicek advises marketers to ditch the AI lingo and focus on actual product benefits. Because, let’s face it, we’re all a bit tired of every product pretending it’s the next big AI innovation. It’s time to drop the buzzwords and keep it real, folks.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
And that’s the CyberWire.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.